Updated: June 15, 2009
Applies To: Windows 7, Windows Server 2008 R2
Configuring policy setting in this category can help you document domain attempts to authenticate account data, either to a domain controller or a local Security Accounts Manager (SAM). Unlike Logon/Logoff policy settings and events, which track attempts to access a particular computer, settings and events in this category focus on the account database being used. This category includes the following subcategories:
Audit Credential Validation
Audit Kerberos Authentication Service
Audit Kerberos Service Ticket Operations
Audit Other Account Logon Events
For more information about audit events that are generated by Account Logon audit settings in Windows Server 2008 R2 and Windows 7, see Security Audit Events for Windows 7 and Windows Server 2008 R2 (http://go.microsoft.com/fwlink/?LinkId=157780).